Tech consumers should not be forced to sacrifice privacy for security

  • The Consumer Technology Association supports the proposed ENCRYPT Act, which would forbid laws that require manufacturers to weaken encryption or leave "back doors" for law enforcement.
  • President and CEO Gary Shapiro argues that weakening encryption weakens privacy for law-abiding consumers.
  • Shapiro says that law enforcement already has many means at its disposal to get useful info from tech devices, and doesn't require new laws.
A woman takes a selfie with an Apple iPhone after Apple launched iPhone 8 and iPhone 8 plus at a Vodafone store in Ankara, Turkey.
Okan Ozer | Anadolu Agency | Getty Images

We all expect privacy, especially when it comes to our phones. But how do we feel about upholding the privacy of criminals and terrorists? And what should we do if the information needed to catch or prosecute a criminal – or potentially save lives – is locked away in someone’s encrypted phone?

One problem the technology industry has recently faced is the “backdoor encryption” problem: law enforcement agencies want access to information on digital and mobile devices that may be instrumental in solving a time-sensitive case. The result is a law enforcement request to tech companies for a “backdoor”, a way to bypass a device’s security measures and gain access to the protected device.

In June, a bipartisan team of legislators put forward the ENCRYPT Act (Ensuring National Constitutional Rights for Your Private Telecommunications). The bill, sponsored by Rep. Ted Lieu (D-CA), would restrict state and local governments from requiring backdoors to exist, and also prevent any restriction of encryption capabilities. The goal is to develop a standardized national encryption policy that protects users’ privacy rights. This bill is an encouraging step forward and one supported by the Consumer Technology Association (CTA).

“Having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation and ultimately law enforcement,” Rep. Lieu explained in a statement about the bill. “Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way.”

“End-to-end” encryption, which ensures information exchanged online can be viewed only by the participants in the conversation, is a common offering of internet companies. It assures users their sensitive data will not fall into the hands of hackers. As Sen. Ron Wyden (D-OR) put it, “If you want to be in a safe community, you shouldn’t be able to weaken encryption.”

This protection was put to the test in December 2015 after two shooters opened fire on workers at the San Bernardino, California, Inland Regional Center, killing 14 people. Critical information about the attack was locked in one of the shooter’s iPhones. The FBI asked Apple for access, and Apple refused. The company argued that if the platform’s backdoor “key” leaked, the security of everyone using the platform – including tens of millions of device users in the U.S. – would be compromised. Before a hearing could take place, the FBI was able to unlock the phone with the aid of a third party, but the battle over encryption continues.

The law enforcement community has claimed that laws have not kept pace with innovation, preventing investigators from gaining information necessary to keep us safe. But law enforcement already has access to a vast amount of powerful technology. Tech companies can – and do – work with law enforcement to help obtain data through means that don’t require new technical rules. Apple, for example, has a policy of releasing iCloud backup data when presented with a valid search warrant, and tools such as facial recognition software, iris scans and gait analyses can be invaluable in identifying criminals.

Transparency between law enforcement and tech companies is critical. But law enforcement needs to avoid overreach, and tech companies should clearly explain data protection policies to customers as well as law enforcement agencies.

That way, the privacy and security of millions of law-abiding users won’t be compromised – and their confidence in technology will remain strong. Encryption doesn’t have to be a black-and-white issue. In an ideal world, we won’t have to choose between privacy and security, but instead be able to find ways for the two to coexist.

Gary Shapiro is president and CEO of the Consumer Technology Association, the U.S. trade association representing more than 2,200 consumer technology companies, and author of the New York Times best-selling books, Ninja Innovation: The Ten Killer Strategies of the World's Most Successful Businesses and The Comeback: How Innovation Will Restore the American Dream. His views are his own. Connect with him on Twitter: @GaryShapiro